The Solution Requirements and considerations


Annex A

TERMS OF REFERENCE

Virtual Private Network (VPN) tunnel installation and Very Small Aperture Terminal (VSAT) internet connectivity for Migration Information and Data Analysis Systems (MIDAS) at ports of entry in Somalia

Introduction

Since 2007, the International Organization for Migration (IOM) has been assisting Somalia in strengthening its immigration and border management in order to promote safe migration and mitigate security threats. In partnership with the Departments of Immigration in Somalia, IOM has been supporting the upgrade of infrastructure and equipment at the various ports of entry, the review of immigration legislation and policy, organizational capacity development, support to inter-agency/regional cooperation, and Border Information Management (BIM) through installation of Migration Information and Data Analysis Systems (MIDAS).

The MIDAS software has been designed by IOM to enable States with no or inadequate data capture systems to equip themselves with the operational means to take up the challenge of enhanced migration management. The system makes it possible to collect, process and store travellers' information, including bio-data, at entry and exit border points, for the purpose of identification, authentication, data collection and analysis. It contributes to better monitoring of border movements and also helps shape reactive migration and border management policies.

To date, thirteen ports of entry in Somalia have the system installed, with an increased need to reach more ports of entry; hence the need for enhanced connectivity at all the ports of entry to ensure timely and safe data exchange and back-up on central servers for maximum security at the ports of entry in Somalia, thereby mitigating any security threats. To achieve this, IOM wishes to engage the services of a competent internet service provider/solutions company in Somalia with the right capacity to install a VPN tunnel and provide VSAT internet for connectivity of MIDAS at the various ports of entry, with readily available 24/7 technical client support services.

Headquarters: 17 route des Morillons C.P. 71 CH-1211 Geneva 19 Switzerland Tel: +41.22.717 91 11 Fax: +41.22.798 61 50 E-mail: hq@iom.int Internet: http://www.iom.int

Objective: To provide VPN connectivity and VSAT internet service to ports of entry with MIDAS in the FGoS (Federal Government of Somalia) and Puntland State Departments of Immigration.

Target: The project targets connectivity of 8 ports of entry in FGoS and Puntland State Immigration Departments already using MIDAS.

The Proposed Technical Connectivity Solution

The proposed solution should enhance reliable communications between Immigration headquarters and remote sites, with maximum availability throughout, using the internet cloud with a remote VPN connection that provides remote access to the end users. Through a private network, each remote user or station can directly access the headquarters network without any congestion or restriction using the internet cloud. Secure VPN tunneling will encrypt all requests from the remote access point to provide encryption between the remote stations and the headquarters. The approaches below are vital:
a) Either using a satellite VSAT connection for each remote site/port of entry
b) Or an existing Internet infrastructure, depending on the bandwidth requirement for each station; many employees can access the VPN simultaneously.

The Solution Requirements and considerations

a) Firewall: Cisco IOS Firewall helps ensure the network's availability and the security of the department's resources by protecting against network threats and application-layer attacks. The VPN configuration and policies should be configured in the firewall to filter any packets outside and inside the network. Fewer equipment resources will be used as the network scale is small; in the near future it will be upgraded into a medium and large scale infrastructure.
b) Router: A Cisco IOS router will be used at the HQ to provide any routing requirements inside the headquarters and enhance the packet forwarding between stations. This router can be replaced by a Layer 3 switch, depending on the number of employees inside the headquarters. It should provide full control of packet filtering and path selection to minimize the TCP/IP overhead.
c) Switches: Layer 3 Cisco switches will be used in each remote station for their local network to help increase the performance of packet forwarding and the reliability of connections to the VPN access. All the workstations will be connected to this switch and can simultaneously access the network without any delay.

Figure 1. On VPN Design topology using local ISP Connections

In addition to basic WAN connectivity and the ability to access the headquarters, the solution should also:
a) Extend geographical connectivity
b) Reduce operational costs versus traditional WANs
c) Reduce transit times and traveling costs for remote users
d) Improve productivity
e) Simplify network topology

The features needed in a well-designed VPN should incorporate these items:
a) Security
b) Reliability
c) Scalability
d) Network Management
e) Policy Management

Based on the type of VPN (remote-access), certain components need to be put in place to build the VPN. These might include:
a) Desktop software client for each remote user
b) Dedicated hardware such as a Cisco VPN Concentrator or a Cisco Secure Firewall
c) Dedicated VPN server for dial-up services / Firewall or router

Duties and Responsibilities:

Under the overall supervision of the IOM Somalia Chief of Mission (COM) and the direct supervision of the IBM (Immigration and Border Management) Project Manager (PM), the contracted firm will be responsible for the following duties and tasks.
1) Develop and create a VPN tunnel between the ports of entry locations and also provide support management of VPN services.
2) The VPN must use Layer Two Tunnelling Protocol/Internet Protocol Security (L2TP/IPSec) over an intermediate network.
3) All necessary hardware, cabling and software (if required for Internet service) should be provided and set up by the contractor.
4) Free and unlimited technical support to the VPN system installed.
5) Free and unlimited technical support to the VPN system installed.
6) The selected contractor must provide weekly reports on network performance, utilization and usage analysis.
7) The contractor must take responsibility for the Internet connection and also have a special internet backup for the VPN connection, which will be used when there is no Internet at all.
8) Install site-to-site VPN connections to enable immigration departments to have routed connections between separate offices, or from one point of entry to another, over a public network while helping to maintain secure communications.
9) Installation of a VSAT connection for supporting the broadband internet connection between the points of entry for the Immigration Departments in FGoS and Puntland.
10) Establish a permanent monitoring system in conjunction with the technical supervisor on each site in order to ensure provision of the dedicated bandwidth required and a stable Internet connection; such system should be accessible.
11) Establish 2 or 3 technical repair teams, capable of a rapid intervention on any site at the ports of entry.
12) Set up a help desk service available to the client 24/7 and provide all necessary information on such service.
13) Training of immigration IT officers and IOM-IT staff in each site with regard to the operation of the system and operational support arrangements. This training should take place as part of the installation of the maintenance system. As an additional option, the contractor should also offer a more specialized training on the connectivity and VSAT solution, with a possibility of certifying IOM technical personnel in the VSAT and the connectivity system.
14) All administrative and logistics support involved with the maintenance of this network and connectivity will be the responsibility of the service provider for the next six months after installation.
15) The Contractor is responsible for ensuring that all necessary items are appropriately insured against all risks, including damage caused by fire, flood and lightning strikes, in respect of its property and any equipment used in the execution of the service.
16) The Contractor must be a telecommunication company or Internet Service Provider who owns and operates the internet facilities starting from the local loop up to the internet gateway, and can also cover all areas in Somalia in FGoS and Puntland State.

17) The connection should have 24-hours-per-day, 7-days-per-week access.

Deliverables:
1) An accurate assessment of the current capacity and structure, and concrete recommendations to improve the connectivity system at all the ports of entry.
2) Install internet connectivity with VPN tunnels at the ports of entry in Puntland and FGoS.
3) Install a VSAT connection for supporting the broadband internet connection between the ports of entry.
4) Set up a help desk service available to the client 24/7 and provide all necessary information on such service.
5) A perfect development of the current capacity and structure, and concrete recommendations to improve the connectivity issues between the points of entry at FGoS and Puntland.
6) Training of immigration IT officers and IOM-IT staff in each site with regard to the operation of the system and operational support arrangements.
7) Provide technical support for regional networks and regional events.

Time schedules of Deliverables

The company will be responsible for coordinating work with the appointed technical team in order to achieve greater efficiency in the enhancement of the ports of entry connectivity system.
1) The installation of the VPN connectivity system to all ports of entry will be completed within 30 days after signature of the contract.
2) Installation of the VSAT internet services will be completed at all the ports of entry within 45 days.
3) All installation works should be accomplished and the connection launched within 90 days after the signing of the contract.
4) The connection should have redundant connectivity which ensures 100% network availability.
5) Effective and efficient communication and connectivity/network design between 8 ports of entry completed within 90 days.

Hardware and Software Requirements for VPN Installation/Configuration

No. | Device Name | Description | Qty
1. | Cisco Router | CISCO2951-SEC/K9, Security Bundle w/sec license PAK | 2
2. | Cisco Switch (WS-C3560CG-8TC-S) | Cisco Catalyst 3560-C Switch 8 GE, 2 x Dual Purpose Uplink, IP Base | 7
3. | Cisco Firewall | Cisco ASA 5505; with Security bundle | 2
4. | VSAT | 1.8M, Azimuth 0 0-360 0, elevation 1 0 ~80 0, Relative Humidity 100% | 7

No. | Tasks on Installation and Configurations | Quantity
1. | Installing Power Backups, inverters | All Ports of Entry
2. | Installing Cisco Router, Switch and Firewall. | All Ports of Entry
3. | Basic Configuration of Router, Switch and Firewall. | All Ports of Entry
4. | Installing and enabling security bundles in firewall and Cisco router. | All Ports of Entry
5. | Configuring VPN Tunnels for the remote users. | All Ports of Entry
6. | Configuring IP security to provide 3des 256 encryption key. | All Ports of Entry
7. | Configuring Remote VPN with Public IP Address. | All Ports of Entry
8. | Testing and verifying configurations | All Ports of Entry
9. | Installing VSAT | All Ports of Entry
10. | Training of IT technical staff | All Ports of Entry

For consulting firms/companies participating in the call for proposals, provide the following:
- Provide an outline of technical and financial proposal including proposed methodology, time schedule and work plan for the consultancy;
- Company Profile (including the names of owners, key officers, technical personnel attached to this project with their relevant CVs)
- Company's Articles of Incorporation, Partnership or Corporation, whichever is applicable, including amendments thereto, if any.
- Certificate of Registration from host country's Security & Exchange Commission or similar government agency/department/ministry
- Valid Government Permits/Licenses in Somalia
- Audited Financial/Bank Statements for the last 3 years
- Certificates from the Principals (e.g. Manufacturer's Authorization, Certificate of Exclusive Distributorship, Any certificate for the purpose, indicating name, complete address and contact details)
- List of contracts entered into for the last 3 years (indicate whether completed or ongoing) in related works
- Organizational Structure / Organogram
- CVs of Key technical Staff
- Detailed proposal for the work with clear implementation framework

A. Data, Local Services, Personnel and Facilities to be provided by IOM
a) IOM Somalia Nairobi coordination offices will conduct a briefing for the service provider/consulting firm at the beginning of the contract.
b) The payment to the service providers/consulting firms is all inclusive. Any expenses shouldered by IOM, through IOM's facilitation of air travel to, and local transport and accommodation in, Somalia will be deducted from the final payment to the contracted firm.